A twitter exploit may be, but it's a bug for sure when you click on resend confirmation email, you are take to a page that have only:{"messageForFlash":"A confirmation email has been sent to you."}
which indicates that the you can pass a variable to the page "messageForFlash" with anything you want it to print like some malicious code or a different message like "I can put my text on Twitter".
but this diffently an exploit that cannot hurt twitter it self.
